Description
Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.
Remediation
References
https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028%40%3Cusers.zeppelin.apache.org%3E
http://www.openwall.com/lists/oss-security/2021/09/02/2
https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r99529e175a7c1c9a26bd41a02802c8af7aa97319fe561874627eb999%40%3Cusers.zeppelin.apache.org%3E
https://security.gentoo.org/glsa/202311-04
Related Vulnerabilities
CVE-2013-7285 Vulnerability in maven package org.jbehave:jbehave-core
CVE-2018-11804 Vulnerability in maven package org.apache.spark:spark-core
CVE-2021-29262 Vulnerability in maven package org.apache.solr:solr-core
CVE-2022-25867 Vulnerability in maven package io.socket:socket.io-client
CVE-2022-28157 Vulnerability in maven package com.surenpi.jenkins:phoenix-autotest